[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sql Injection in wordpress 2.3.1

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Sql Injection in wordpress 2.3.1
From: shino@xxxxxxxxxxxxxxxxxxx
Date: 5 Dec 2007 19:27:09 -0000

Wordpress 2.3.1 converts the 'p' parameter to an integer.

query.php line 449:
$qv['p'] =  (int) $qv['p'];

So there is no exploit possibility.

Prev by Date: Re: Sql Injection in wordpress 2.3.1
Next by Date: Firefox 2.0.0.11 INPUT Denial Of Service
Previous by thread: Re: Sql Injection in wordpress 2.3.1
Next by thread: Advisory: Cross Site Scripting in CiscoWorks
Index(es):
- Date
- Thread